MidnightBSD

Advisories for secheron

CVE-2022-1666 MEDIUM

The default password for the web application’s root user (the vendor’s private account) was weak and the MD5 hash was used to crack the password using a widely available open-source tool.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,CWE-522,

Products Affected

Vendor Product Version
secheron sepcos_control_and_protection_relay_firmware *
CVE-2022-1667 HIGH

Client-side JavaScript controls may be bypassed by directly running a JS function to reboot the PLC (e.g., from the browser console) or by loading the corresponding, browser accessible PHP script

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
ics-cert@hq.dhs.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-841,NVD-CWE-Other,

Products Affected

Vendor Product Version
secheron sepcos_control_and_protection_relay_firmware *
CVE-2022-1668 HIGH

Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the open TCP port for SSH.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-521,CWE-521,

Products Affected

Vendor Product Version
secheron sepcos_control_and_protection_relay_firmware *
CVE-2022-2102 MEDIUM

Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in the sequence, allowing for arbitrary file upload into a location where PHP scripts may be executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H 3.9 5.5
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-841,CWE-434,

Products Affected

Vendor Product Version
secheron sepcos_control_and_protection_relay_firmware *
CVE-2022-2103 MEDIUM

An attacker with weak credentials could access the TCP port via an open FTP port, allowing an attacker to read sensitive files and write to remotely executable directories.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,CWE-522,

Products Affected

Vendor Product Version
secheron sepcos_control_and_protection_relay_firmware *
CVE-2022-2104 HIGH

The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
ics-cert@hq.dhs.gov 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-269,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
secheron sepcos_control_and_protection_relay_firmware *
CVE-2022-2105 MEDIUM

Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web server root level access allows for changing of safety critical parameters.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 9.4 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H 3.9 5.5
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-841,NVD-CWE-Other,

Products Affected

Vendor Product Version
secheron sepcos_control_and_protection_relay_firmware *